Using Snort Stealthily
jukal writes "Linux Journal has an article on using Snort as stealth sniffer, a stealth NDIS probe and stealth loger -- on a network interface with no IP address. 'Snort is a versatile and powerful tool for sniffing, intrusion detection and packet logging. Configuring it to run stealthily in sniffing mode or NIDS mode is easy; incorporating it into a stealth-logging solution is only slightly less so'"
So, folks are trying to make Snort do what just about every decent commercial NID sensor does. Now, if it can just achieve the same performance levels and keep state properly....